I doubt this is news to most folks on the Fediverse, but don’t trust Twitter, Facebook, or any company whose business model is advertising to secure your private conversations.
Even if they aren’t up to no good today, it is only a matter of time until they come for your messages.
As it happens, you shouldn’t trust Lemmy DMs either, as they’re not encrypted and can be read by instance administrators. So don’t use them to say anything that you wouldn’t be okay making public.
This should be the default stance when using any built-in encryption. Always separate the mode of encryption from the mode of transmission.
Someone told me they are public some months ago? Like if someone wanted to look up your Lemmy DMs they could.
There was an exploit in version 0.17.0 through 0.19.0 (fixed in 0.19.1) that, from what I understand, allowed people to view DMs of anyone by reporting them, but as you can’t know the ID of a given DM you’re not part of, they couldn’t really target a specific user, but rather would just send reports to a range of potential IDs and see what comes back.
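The class of bug described in the comment above is a missing ownership check on a report endpoint. The following is an added example, not part of the thread and not Lemmy's code: a toy in-memory model with hypothetical names (`report_unchecked`, `report_checked`, `disclosed_to`) and constructed sample messages, showing the check and a regression test that a range of IDs discloses nothing.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PrivateMessage:
    id: int
    creator_id: int
    recipient_id: int
    content: str

class ReportError(Exception):
    """One error type for every failure, so a caller cannot probe which IDs exist."""

# Constructed sample data, not taken from any real instance.
MESSAGES = {
    101: PrivateMessage(101, creator_id=1, recipient_id=2, content="hi bob"),
    102: PrivateMessage(102, creator_id=3, recipient_id=4, content="secret"),
}

def _report(reporter_id, pm, reason):
    # Assumption: the report record echoes the reported message text.
    return {"reporter": reporter_id, "pm_id": pm.id,
            "original_text": pm.content, "reason": reason}

def report_unchecked(reporter_id, pm_id, reason):
    """Flawed shape: any existing ID yields a report, whoever asks."""
    pm = MESSAGES.get(pm_id)
    if pm is None:
        raise ReportError("not_found")
    return _report(reporter_id, pm, reason)

def report_checked(reporter_id, pm_id, reason):
    """Hardened shape: only the recipient may report; failures are uniform."""
    pm = MESSAGES.get(pm_id)
    if pm is None or pm.recipient_id != reporter_id:
        raise ReportError("couldnt_create_report")
    return _report(reporter_id, pm, reason)

def disclosed_to(handler, reporter_id, ids):
    """Regression helper: which message texts does this account get back?"""
    seen = []
    for pm_id in ids:
        try:
            seen.append((pm_id, handler(reporter_id, pm_id, "spam")["original_text"]))
        except ReportError:
            pass  # refused; nothing disclosed for this ID
    return seen
```

The hardened handler returns the same error for a missing ID and for someone else's message, so the response does not reveal which IDs are in use.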
I’ve been hearing a lot of straight up adverts about WhatsApp recently, which I found interesting.
I saw a WhatsApp ad on Prime. And it was focused on the encryption aspect. “WhatsApp can’t even read your messages” or whatever. Was weird.
I’m hearing a lot of that on the radio.
You’re saying this on a platform that has no business model for making money and basically has no security or privacy because you’re trusting whichever random people run the instances.
And I treat this platform accordingly. There is no expectation of privacy here. You are as private as you choose to be.